Malware Analysis Report

2025-01-03 08:36

Sample ID: 240611-db2ygascpj
Target: c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac
SHA256: c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3871) files with added filename extension

Renames multiple (5285) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:50

Reported

2024-06-11 02:53

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe"

Signatures

Renames multiple (3871) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe

"C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 44d71484c99a9761e31d9075aa9b0f88
SHA1 f789805454d9ed1040077a8a233da3373cde6cdf
SHA256 0fc37202b1e8960e7fa3e86bc8388c31e4e44a8cecd157c62de88b41d021e058
SHA512 74973ae323eee4d4ff1e2ead61058533b788a957bc5015eec17f577bbd29c0862a1ad1f941a87ae800b14d8d66b62a0f165c47f904daa4baa26194fb5bcd2267

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7cc634f85ce5f971f87bc376499dce94
SHA1 0b84b1d252b66364f19a147be06aa949d29b6451
SHA256 0010c884adeb9427b9db444b8e67cb248c1a7252fa424b58aefc7a69c6a25d2a
SHA512 c58794675f815e6c8928d812e84caaa8dafeecfc9dd3b5461d17e96858a691366a5fa0c28aed8bff20725ed22adbb8d9dc20ef2cc550640c9c2849301254f183

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:50

Reported

2024-06-11 02:53

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe"

Signatures

Renames multiple (5285) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe

"C:\Users\Admin\AppData\Local\Temp\c290dc5c061a8dea54dfdeca889119b1904f0124c9396192b5523dc114d2f3ac.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 e5e53dcd3f3c15c525407dba05e0feb3
SHA1 f8fbe4589e59608c60e74c5afd819e05ce2872b1
SHA256 1897a425cf2efd69e62bfd038e8b5bc3352fcedc2025213a48fd2e5f5e752e0e
SHA512 35bdac3bca1a22902a2704361011a5e66acbe026a4688830ba9b85811545e0d2703d3a6bd76023c9a98e99d016d3d7c4a186c9e9a127bc7092ca7b81ac4d708d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 91c144be2adb60845078cd37c444f433
SHA1 a6fc7d624accc4a03438ca3f011cc4565aa53e90
SHA256 effda10bad813ffe576782db26e84991e6a52e9513a7add4f2ef213cf4595b7a
SHA512 f2f5b9ddad66b7ed9453f9515b63736b2c7f024ca1330c39e529323435cc6a1322b274bc46aa48640a49a9850d899ddd19909331401b50f093e03aa15aeac543